In a broad sense, efficient paging and security for wireless applications such as paging have opposing constraints. On the one hand, paging uses its non-real time capabilities to pack information efficiently to reduce the inefficient use of the wireless bandwidth. Security measures such as encryption on the other hand typically add to the information being transmitted over the air. The increased number of users and the increase in the average size of messages (including text, facsimile, audio and eventually video information) will only put further constraints on the use of the limited bandwidth provided.
In the normal process for passing a secured message with signature from a sender to a receiver, the steps in method 10 are typically followed as described with reference to FIG. 1. First the user creates a text message at step 12. Then, the user generates a digest of the text message using a one-way function (e.g. a secure hash function) at step 14. The user then attaches his signature at step 18 by first encrypting the digest using his signature or private key at step 20 and running it through an asymmetric engine 16, typically the private key corresponds to a public key found in a traceable certificate 26. The message and digital signature are then appended at step 22. The message with signature 24 is then catenated at step 27 to the traceable certificate 26 to create an authenticatable message 28. The authenticatable message 28 is then encrypted by using a symmetric engine 30 and a session key 32 to provide an encrypted message 40. The session key 32 (normally a random symmetric key) is itself encrypted using a recipient's asymmetric public key 34 and an asymmetric engine 36 to create a digital envelope 38. The encrypted message 40 is then appended at step 42 to the digital envelope 38 to create an encrypted message plus signature plus certificate with envelope 44.
With reference to FIG. 2, the typical decryption process begins by separating (46) the components of the encrypted message plus signature plus certificate with envelope 44 into the encrypted message 56 and a digital envelope 48. Preferably, digital envelope 48 is the same as digital envelope 38 from FIG. 1. The session key 54 (preferably session key 54 is the same as session key 32 of FIG. 1) is recovered (decrypted) by the recipient using their private key 52 (corresponding to the recipient's private key 34) and running the digital envelope 48 through an asymmetric engine 49 using the private key 52. The encrypted message 56 with signature is decrypted using the session key 54. In other words, by using the session key 54 the encrypted message 56 is run through a symmetric engine 58 to obtain an authenticatable message 60 (which should be the same as the authenticatable message 28 of FIG. 1). Thus, the recipient can confirm (to a reasonable degree) the identity of the sender of the message as will be seen in the next few steps. Next, the authenticatable message is separated (62) into a certificate 64 and a separate signed message 68 corresponding respectivley to the certificate 26 and signed message 24 of FIG. 1. The signed message 68 itself will also be separated (70) into a readable text message 80 and a digital signature 72 corresponding respectively to the message 12 and digital signature 18 of FIG. 1. A sender's public key 66 is extracted from the certificate 64 and then used to decrypt the signature into a digest 77. In other words, the digital signature 72 is passed through an asymmetric engine 74 using the sender's public key 66 to provide a digest 77 which should be a copy of the actual digest. The text message 80 is run through the same (hash) function (as in step 14 of FIG. 1) to retrieve the actual digest 79. The actual digest 79 and the digest 77 are compared at step 76 to verify proper signature. Note that in the example above, the certificate is embedded in the encrypted message and significantly increases the size of the encrypted message.